Microsoft
Software
Hardware
Network
Question : How to delete a user certicate with a batch file?
OK..I have a situation where over half of the client PC's certificates expired on 2/25/08. So if I open the
1. MMC
2. Add the snap-in for certificates
3. Under the certificates go to the 'Personal' folder
This is where I find the expired certificate. I have an automated file I can run which is a .bat file that will add a new certificate to the PC. This issue there are then two certificates the old 2/25/08 & the new 3/3/09 certificates are both showing. We cannot authenticate specific apps that require a certificate when both are there. If I open the MMC and delete the old certificate, it all works just fine.
Is there a command string or code I can add to a .bat file to delete all user certificates under the 'Personal' folder of the MMC? Even if it is a .vbs that will work and I can call it from the .bat file. This way I can add a new certificate leaving only one.
Help - Thanks in Advance
Answer : How to delete a user certicate with a batch file?
It looks like your best bet would be to download a Microsoft program named
certutil.exe
as described here:
Certutil
http://technet2.microsoft.
com/window
sserver/en
/library/
a
3d5dbb9-1b
f6-42da-a1
3b-2b220b1
1b6fe1033.
mspx
The command to put in your batch file will probably look something like:
certutil -delstore -user 1
See also:
http://groups.google.com/g
roup/
micro
soft.publi
c.windows.
server.gen
eral/brows
e_thread/t
hread/
c2c5
ccf7b7fa91
c5/b1b8316
63b5b3d55
=--==-=-=-=-
Another MS tool, that comes with the .Net Framework:
Certificate Manager Tool (Certmgr.exe)
http://msdn2.microsoft.com
/en-us/lib
rary/
e78by
ta0(VS.71)
.aspx
also supports command-line options to delete certs
=-=-=-=-=-=-=-=
Another alternative might be to delve into the registry and locate and delete the relevant entry. See
http://msdn2.microsoft.com
/en-us/lib
rary/
aa388
136(VS.85)
.aspx
for locations of system certs. FOr the location of user certs, look into the filesystem:
C:\Documents and Settings\
\Ap
plication Data\Microsoft\SystemCerti
ficates\My
\Certifica
tes
Finally (and this is what I'd do), you could write a short C++ program to use Win32 API functions, and then execute that from your batch file. The API documentation includes plenty of example code for opening a cert store, locating a cert, and deleting it:
CertFindCertificateInStore
Function
http://msdn2.microsoft.com
/en-us/lib
rary/
aa376
064(VS.85)
.aspx
CertDeleteCertificateFromS
tore Function
http://msdn2.microsoft.com
/en-us/lib
rary/
aa376
040(VS.85)
.aspx
Example C Program: Deleting Certificates from a Certificate Store
http://msdn2.microsoft.com
/en-us/lib
rary/
aa382
045(VS.85)
.aspx
=-=-=-=-=-=-=-=
Note: I have NOT personally used any of these techniques, so I suggest caution.
Random Solutions
How to unmute windows sound master volume and then increase the volume to max, using VBA
ROW_NUMBER without ORDER BY
Compiler error CS0122 ...inaccessible due to its protection level
LSASS.EXE Shuts down PC
Microsoft, Sharepoint Redirect user to subsite at logon
Can't change invoice form in Microsoft Accounting Express 2007?
Excel dollar amount to text, zero fill to left, no decimal, respect 2 positions for cents
Good practice on writing file, creating directory, etc.
run regsvr32.exe on Windows 7
'string' does not contain a definition for 'Controls' and no extension method 'Controls' accepting a first argument of type 'string' could be found
